Re: [Openvas-discuss] Automatically email deltas between two reports?
Is it possible with the latest OpenVAS-5 to have the delta from the newest scan compared to the previous scan included in alert emails that are sent out? No, that's not possible. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Email on threat count increase
Is it possible to have an alert email sent when the Threat Count has increased and not necessarily the Threat Level along with it? Basically I am trying to get an email sent out when a new open port is discovered by the Nmap NASL Wrapper port scanner regardless of if it has increased the Threat Level as a result. No, this is not currently possible. The only conditions at the moment are the three that appear in the GSA. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Email on threat count increase
Thanks for your help! I suppose that leads to my next question then. I need to be able to find a way of emailing only when new ports are discovered as open. Something I noticed is the "Risk Factor" of the Nmap (NASL Wrapper) scanner says it has a Risk of "High", yet when it discovers new ports they are placed as either Log or Low threat level. I think I may be misunderstanding what the Risk column represents in the Scan Config. If I could get the ports that OpenVAS to actually be something higher than Log or Low, I could possibly override them to be Low after I have verified they are fine, and that would have the added benefit of making the Threat Level increase, and kicking off an email. What does the Risk column mean in the "Scan Config Family Details"? I see in the help it says "Shows the risk factor of a NVT. Any NVT has a value." I would expect that to mean then when something is detected as problem under that NVT it would carry a "High" threat level, yet that doesn't seem to be the case. Is there a way of increasing all ports that are discovered as open from Log/Low to be Medium or higher for Nmap? I've been all through GSA and haven't been able to find a way of doing that. Thanks again for your help! On 5/12/2012 3:56 AM, Matthew Mundell wrote: Is it possible to have an alert email sent when the Threat Count has increased and not necessarily the Threat Level along with it? Basically I am trying to get an email sent out when a new open port is discovered by the "Nmap NASL Wrapper" port scanner regardless of if it has increased the Threat Level as a result. No, this is not currently possible. The only conditions at the moment are the three that appear in the GSA. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Email on threat count increase
You could always roll your own report diffing mechanism. Have your base report be diffed with the new report (you can automate omp easily), then use sendmail or something to email the diff to whomever is responsible. On May 12, 2012 9:10 AM, Russell Jones rjo...@eggycrew.com wrote: Thanks for your help! I suppose that leads to my next question then. I need to be able to find a way of emailing only when new ports are discovered as open. Something I noticed is the Risk Factor of the Nmap (NASL Wrapper) scanner says it has a Risk of High, yet when it discovers new ports they are placed as either Log or Low threat level. I think I may be misunderstanding what the Risk column represents in the Scan Config. If I could get the ports that OpenVAS to actually be something higher than Log or Low, I could possibly override them to be Low after I have verified they are fine, and that would have the added benefit of making the Threat Level increase, and kicking off an email. - What does the Risk column mean in the Scan Config Family Details? I see in the help it says Shows the risk factor of a NVT. Any NVT has a value. I would expect that to mean then when something is detected as problem under that NVT it would carry a High threat level, yet that doesn't seem to be the case. - Is there a way of increasing all ports that are discovered as open from Log/Low to be Medium or higher for Nmap? I've been all through GSA and haven't been able to find a way of doing that. Thanks again for your help! On 5/12/2012 3:56 AM, Matthew Mundell wrote: Is it possible to have an alert email sent when the Threat Count has increased and not necessarily the Threat Level along with it? Basically I am trying to get an email sent out when a new open port is discovered by the Nmap NASL Wrapper port scanner regardless of if it has increased the Threat Level as a result. No, this is not currently possible. The only conditions at the moment are the three that appear in the GSA. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss